Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/qMKOIrCowr-evIF2TKMj48rb5ME.roa
File:                     qMKOIrCowr-evIF2TKMj48rb5ME.roa (raw, json)
Hash identifier:          AsnmGDasDlnURHsWZv2Xw6xs4e4snEFqyNhGTwaLi9I=
Subject key identifier:   A8:C2:8E:22:B0:A8:C2:BF:9E:BC:81:76:4C:A3:23:E3:CA:DB:E4:C1
Certificate issuer:       /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial:       019990975D05FF4DEF9FDC8B52BB3CE6BEA6
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/qMKOIrCowr-evIF2TKMj48rb5ME.roa
Signing time:             Sun 28 Sep 2025 13:51:02 +0000
ROA not before:           Sun 28 Sep 2025 13:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213737
IP address blocks:        2a14:db80:4::/48 maxlen: 48
                          2a14:db80:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:90:97:5d:05:ff:4d:ef:9f:dc:8b:52:bb:3c:e6:be:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
        Validity
            Not Before: Sep 28 13:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8c28e22b0a8c2bf9ebc81764ca323e3cadbe4c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:96:43:65:8a:b0:4a:d0:1d:7e:9c:a7:67:f3:
                    36:40:b4:e9:64:a5:39:25:40:18:b6:2c:ec:66:dd:
                    cc:62:fa:89:84:65:78:d5:1f:cf:30:0b:b3:f2:ab:
                    56:f9:cb:7a:fa:76:5a:48:8f:ce:d5:66:09:d3:5d:
                    be:18:60:b5:59:a7:2d:da:b0:77:36:cc:4f:67:17:
                    22:7a:b3:6c:88:76:5e:a9:ed:95:e6:e6:20:09:dc:
                    e9:9f:b4:bc:b5:77:d2:f5:38:63:56:bc:80:90:86:
                    da:9a:4e:5b:46:cc:70:b7:e1:16:fc:aa:ee:f0:62:
                    b1:cc:59:4c:57:41:ad:ae:dd:65:4b:76:08:53:af:
                    c7:d7:37:83:4c:19:c4:c5:18:01:d1:e9:5f:c4:d7:
                    1e:1d:cb:19:73:a9:5a:3d:14:ba:1f:64:7e:a1:9e:
                    f5:35:f1:2f:28:06:6c:13:4e:18:20:f3:07:ae:04:
                    6e:19:47:ce:8e:18:70:99:56:37:b5:80:e1:76:f8:
                    4b:04:61:bd:5a:11:da:9b:01:26:09:75:2e:f5:a7:
                    ad:77:2d:04:94:70:46:35:75:96:43:54:a1:7f:ef:
                    b9:24:29:a3:e5:6e:2d:78:c4:84:db:b6:1c:13:58:
                    02:2d:d0:f1:ef:e3:e5:ee:a3:d0:5b:36:6a:d0:68:
                    cf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C2:8E:22:B0:A8:C2:BF:9E:BC:81:76:4C:A3:23:E3:CA:DB:E4:C1
            X509v3 Authority Key Identifier:
                keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/qMKOIrCowr-evIF2TKMj48rb5ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:db80:4::/48
                  2a14:db80:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:6c:97:6a:01:80:10:63:cc:e8:3e:cf:99:a5:33:ec:aa:0d:
         02:21:64:d1:7f:3a:d8:9e:7f:1c:b7:5f:49:a6:43:32:3c:6c:
         60:9f:67:27:77:9f:19:a0:f3:dd:0f:ca:c5:83:cd:2c:d8:97:
         84:d7:7e:d2:d1:e3:81:b3:79:32:06:9e:8c:50:3e:c7:13:a4:
         ab:a5:b9:2a:16:34:de:1b:81:9c:5e:4b:8b:fe:94:98:0c:6a:
         d6:15:0a:ae:bd:ee:79:02:71:95:62:e4:67:4b:23:8e:6e:42:
         c8:80:5c:35:4d:76:4c:ca:f9:bc:39:e9:5a:a0:32:93:bc:06:
         f8:49:a8:61:25:4b:76:1f:00:c0:06:89:2a:bd:25:92:1a:36:
         9c:8e:d3:83:af:53:37:2c:48:89:91:a5:0c:1f:12:07:f6:36:
         3c:d7:5c:cd:c1:e9:b9:6d:49:06:e8:01:5e:fe:0e:9d:41:1c:
         53:52:12:8c:04:34:1f:06:26:db:4e:cf:6d:44:9c:e2:8b:40:
         8a:87:e2:3e:c7:a4:ed:df:b4:0f:6d:93:ae:cc:71:94:ad:01:
         c0:97:fd:fd:72:12:b2:ee:88:69:e9:3d:1e:54:0e:01:db:e6:
         4e:07:a7:9b:19:7b:8c:e5:5f:10:02:74:d8:e0:76:b4:cc:52:
         db:e0:db:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmQl10F/03vn9yLUrs85r6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUwOTI4MTM1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGMyOGUyMmIwYThjMmJmOWViYzgxNzY0Y2EzMjNlM2NhZGJlNGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpZDZYqwStAdfpynZ/M2QLTpZKU5
JUAYtizsZt3MYvqJhGV41R/PMAuz8qtW+ct6+nZaSI/O1WYJ012+GGC1Wact2rB3
NsxPZxcierNsiHZeqe2V5uYgCdzpn7S8tXfS9ThjVryAkIbamk5bRsxwt+EW/Kru
8GKxzFlMV0Gtrt1lS3YIU6/H1zeDTBnExRgB0elfxNceHcsZc6laPRS6H2R+oZ71
NfEvKAZsE04YIPMHrgRuGUfOjhhwmVY3tYDhdvhLBGG9WhHamwEmCXUu9aetdy0E
lHBGNXWWQ1Shf++5JCmj5W4teMSE27YcE1gCLdDx7+Pl7qPQWzZq0GjPkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKjCjiKwqMK/nryBdkyjI+PK2+TBMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvcU1LT0lyQ293ci1ldklGMlRLTWo0OHJiNU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhTbgAAE
AwcAKhTbgAAQMA0GCSqGSIb3DQEBCwUAA4IBAQBHbJdqAYAQY8zoPs+ZpTPsqg0C
IWTRfzrYnn8ct19JpkMyPGxgn2cnd58ZoPPdD8rFg80s2JeE137S0eOBs3kyBp6M
UD7HE6SrpbkqFjTeG4GcXkuL/pSYDGrWFQquve55AnGVYuRnSyOObkLIgFw1TXZM
yvm8OelaoDKTvAb4SahhJUt2HwDABokqvSWSGjacjtODr1M3LEiJkaUMHxIH9jY8
11zNwem5bUkG6AFe/g6dQRxTUhKMBDQfBibbTs9tRJzii0CKh+I+x6Tt37QPbZOu
zHGUrQHAl/39chKy7ohp6T0eVA4B2+ZOB6ebGXuM5V8QAnTY4Ha0zFLb4Nt+
-----END CERTIFICATE-----